lists@ingostruck.de wrote:
> Hello Scott, Adam, wg-list,
>
> I just want to give some input to the discussion about
> rfc 2617 and the MD5-sess algorithm described there.
My own concern, if the MD5-sess dialog is reopened, is to account for
the complete dismissal of MD5 for any authn/authz security applications
and to reopen the spec to extending the noonce to SHA1 / SHA2 semantics.
MD5 is already past it's prime, and SHA1 is heading that way as well.
It would be good to anticipate future hash support by adding anything
of SHA2 up to SHA-512 and providing for an extensible description of
the negotiated hash employed for this purpose.